Resource exhaustion in pypdf versions prior to 6.7.1 occurs when processing maliciously crafted PDF files with manipulated /ToUnicode font entries, causing excessive memory consumption and processing delays during text extraction operations. A local attacker with file access can exploit this to degrade system performance, though no code execution or data compromise is possible. The vulnerability affects Python environments using pypdf and is remedied by upgrading to version 6.7.1 or later.
CVE-2025-55181 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. A vendor patch is available.
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch is available.
In Genivia gSOAP with a specific configuration, an unauthenticated remote attacker can generate a high CPU load by forcing it to parse an XML document with duplicate ID attributes, which can lead to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch is available.